We anticipate releasing 8.6.1 (and 8.7) with fixes for this issue, however if this issue is impacting your environment, the recommended workaround is covered in bug 104982. NOTE: in ZCS 8.7+ we are able to easily patch third party packages included with ZCS via package repos.

ZCS 8.6.0 Patch 5 availability

ZCS 8.6.0 Patch 5 is available (officially released Dec 21, 2015). Patch 5 includes fixes for five (5) CVE's (ref: Zimbra Security Advisories). Three of the CVE-IDs referenced in the patch come via 3rd party components shipped w/ZCS. Please note, one of the fixed vulnerabilities is rated as major. See the blog post or the release notes (available from the downloads area for additional notes on ZCS 8.6.0 Patch 5.

[Update: Feb 2, 2016]
If you can not patch immediately, the XSS bug classified as major (bug 101435) can be worked around by either disabling or uninstalling (zmzimletctl undeploy) the com_zimbra_url (aka URL links) zimlet.

A note on Logjam

At this time, the initial impacts to Collab seem to be minimal and are currently limited to the MTA, specifically possible setting changes, depending upon your environment.

Today we updated the MTA Ciphers section of our Collab 8.6 security wiki page. In short, for anyone concerned about the Logjam (cipher downgrade) style of MitM attacks, the use of 'export' and 'low' ciphers in Postfix should be avoided. Please note that Postfix, by default (http://www.postfix.org/postconf.5.html#smtp_tls_ciphers) allows use of lower ciphers. Changing these to 'medium' can reduce client interoperability and/or may cause some clients to fall back to in the clear communication channels instead of using lower grade encryption.

As usual, there are trade-offs involved, but in the light of FREAK (https://freakattack.com) and Logjam (https://weakdh.org) attacks, it may also be argued that using ciphers lower than 'medium' is now potentially providing an illusion of security. With this in mind, our current recommendation is to avoid both 'export' and 'low' ciphers with the hope that complete deprecation of these ciphers will be coming soon.

Update for 8.0.x customers: In Collab 8.0.x, Java 1.7 is used. Unfortunately, in Java 1.7, the DH parameters are hard-coded to 768 bits (excluding when using export cipher suites, which use 512 bits, but those should already be disabled). The workaround is to use the (Nginx) Proxy always. The other option is to disable all DHE suites. Which has the side effect of losing forward secrecy for any user agents that do not support ECDHE. (ref: http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html

May 28, 2015 - Phil Pearl, Security Architect

What the FREAK attack means to Zimbra

Zimbra is aware of a newly disclosed SSL/TLS vulnerability that provides a potential malicious actor with a method to perform a Man-in-the-Middle (MitM) attack the vulnerability is being referred to as FREAK (Factoring attack on RSA-EXPORT Keys), utilizing CVE-2015-0204.

The attack allows a malicious actor to force a downgrade of a secure connection to a vulnerable, export grade encryption (READ: weak encryption). Which, according to Washington Post, is downgraded to 512-bit encryption that was the maximum allowed under the export controls in place during the 1990s in the U.S. The Washington Post piece goes on to say it is possible to crack 512-bit encryption, today, in approximately 7 hours with the use of 75 computers, which can be rented from a cloud computing provider for approximately $100.

A group of cryptographers at INRIA, Microsoft Research and IMDEA have discovered some serious vulnerabilities in OpenSSL (e.g., Android) clients and Apple TLS/SSL clients (e.g., Safari) that allow a 'man in the middle attacker' to downgrade connections from 'strong' RSA to 'export-grade' RSA. These attacks are real and exploitable against a shocking number of websites -- including government websites. Patch soon and be careful.

In addition to Matthew Green's post and the Washington Post article, the freakattack.com site has additional information, including a list of the top domains still vulnerable, as well as a built in check of the browser used to surf to the site.

Zimbra Specifics

Zimbra ships with the OpenSSL library. At this time, Zimbra has assessed Zimbra Collaboration 8.x, 7.x and found no susceptibility to the FREAK attack in the servers. As there is a client side component to this attack, please verify that you are running the latest browsers/clients to lower the risk to this type of attack.

As part of our security program, Zimbra will continue to monitor all developments related to the FREAK vulnerability and update this post as needed.

Mar 05, 2015 - Phil Pearl, Security Architect

GNU C Library Vulnerability — aka GHOST

Zimbra is aware of a Linux vulnerability, specifically the GNU C Library.

Details

The vulnerability appears to have been found by Qualys and disclosed in security advisory CVE 2015-0235. It should be noted that the vulnerability was patched in v 2.17 of the library, but at the time was not categorized as a security issue, leading many to maintain stable versions, i.e. vulnerable versions. This is an operating system vulnerability; at this time, and to the best of our knowledge, there are no known exploits against Zimbra's software related to CVE 2015-0235.

**Recommendation**

Zimbra recommends that anyone running Linux update their systems as soon as possible. And while Linux doesn't usually require a restart, it is recommended to ensure all underlying software services are patched.

Security Advisory: Zimbra Community 8.x Security Vulnerability

Security is top of mind for everyone here at Zimbra, which is why we want to inform you that our team just discovered a security vulnerability in Zimbra Community 8.0 (formerly Telligent Community and Telligent Enterprise). The vulnerability is relegated to a very specific scenario in which a user within Zimbra Community 8.0 is able to view a user password via a specific API call.

Summary: The Zimbra development team has identified a very specific scenario where a user’s password in Community 8 is stored insecurely.

Details: The administrative feature to create users leverages non-public APIs that can force a user’s password to be inadvertently stored insecurely.

Reporter: Alex Crome (Zimbra)

When does this occur?

1. Creating a user through the control panel using Membership Administration (requires administrative privileges)

2. Could occur if a custom plugin was deployed that copied off the extended attributes on a create user event and in turn re-saved those attributes using the UpdateUser API (this is unlikely, but possible)

If you have any questions or would like assistance with applying the patch, please contact support.

On June 5, 2014 the OpenSSL project released asecurity advisory.CVE-2014-0224can allow for a man-in-the-middle (MITM) attack to be carried out between a vulnerable client and vulnerable server. It is also important to note that Zimbra does not use DTLS nor do we have SSL_MODE_RELEASE_BUFFERS enabled.

The impact to Zimbra Collaboration Server is as follows:

ZCS 6 is not affected

ZCS 7 is not affected

ZCS 8 is affected

Specifically, nginx, postfix and OpenLDAP all link to OpenSSL shipped in ZCS8. Other components in the ZCS package also link to the openssl libraries, but the above three are the potentially Internet-facing services that would be attackable. All versions of ZCS8 as released today are vulnerable. ZCS7 is not vulnerable because it uses OpenSSL 1.0.0, which is not vulnerable.

Zimbra has produced a patch for OpenSSL vulnerabily for versions 8.0.3 to 8.0.7. The patch downloads the correct and patched version of OpenSSL for the following versions and then installs the new package:

After a successful patch, ZCS 8.0.7 will be running 1.0.1h. To verify this, run the following as zimbra user:

openssl version

On an 8.0.7 patched system the result should be:

zimbra$ openssl version
OpenSSL 1.0.1h 5 Jun 2014

Earlier versions of ZCS will show other versions of OpenSSL - Zimbra patches the existing OpenSSL version appropriate to each ZCS version.

Continue to the next server and repeat the patch process.

Internet access from each node is required to run this patch automatically. The patch should be installed on all ZCS nodes, most importantly the proxies, MTAs and LDAP nodes.

Also, please note: if you upgrade to a GA release after patching, you would need to re-patch. For example, if you install this patch on ZCS 8.0.6, then upgrade to ZCS 8.0.7, you would need to re-patch against 8.0.7.

Finally, please note that the various Operating Systems are also vulnerable to this issue. The Zimbra patch will not update OS-level openssl libraries. It only updates the openssl package in /opt/zimbra.

Jun 08, 2014 - Phil Pearl, Security Architect

Critical Security Advisory and Builds/Patches for the OpenSSL Heartbleed Vulnerability

Specifically, nginx, postfix and OpenLDAP all link directly to OpenSSL shipped in ZCS8. Other components in the ZCS package also link to the openssl libraries, but the above three are the potentially Internet-facing services that would be attackable. All versions of ZCS8 as released today are vulnerable. ZCS7 is not vulnerable because it uses OpenSSL 1.0.0, which is not vulnerable. Only OpenSSL 1.0.1 and later are reported as being vulnerable.

The patch downloads the correct and patched version of OpenSSL for the following versions and then installs the new package:

ZCS versions 8.0.3, 8.0.4, 8.0.5, 8.0.6, or 8.0.7

ZCA versions 8.0.3 or 8.0.4

Internet access from each node is required to run this patch automatically. The patch should be installed on all ZCS nodes, most importantly the proxies, MTAs and LDAP nodes.

Please note: this vulnerability is being reported as having existed and actively attacked since 2012. As such, the private SSL keys for your platform may already have been compromised. After patching, it is recommended to regenerate your SSL certificates and private keys. This is unfortunate, but the only way to ensure that an attacker cannot decrypt your SSL session data.

Also, please note: if you upgrade to a GA release after patching, you would need to re-patch. For example, if you install this patch on ZCS 8.0.6, then upgrade to ZCS 8.0.7, you would need to re-patch against 8.0.7.

Finally, please note that the various Operating Systems are also vulnerable to this issue if running OpenSSL 1.0.1. The Zimbra patch will not update OS-level openssl libraries - it only updates the openssl package in /opt/zimbra. For example:

RHEL6_64 and UBUNTU12_64 both use OpenSSL 1.0.1 at the OS level and are affected

SLES11_64 and UBUNTU10_64 use OpenSSL 0.9.8 at the OS level, so are not affected